The path to the signer's private key. For
signify, the private key name is
used to set the @signer annotation.
If a corresponding public key is found, the first signatures will be
checked for key mismatches.

The signature is stored within the
gzip(1) comment, as plain text
data, according to signify(1)-zS mode. It contains the ed25519
signature, some meta-information, and SHA512/256 checksums for each 64K block
of compressed data.

Additionally, for further manual checking, the packing-list contains a complete
manifest of files within the package, checksummed with
sha256(1) and annotated with
proper @mode,
@user,
@group annotations, so that
pkg_add(1) will refuse to give
special rights to any file which isn't properly annotated, and so that it will
abort on installation of a file whose checksum does not match.

Meta-information from signify(1)
gets inserted in the packing list during extraction, adding a
@digital-signature annotation and a
@signer annotation for further manual
inspection.